CLAIMS

What is claimed is:

1. A security system for a computer apparatus, wherein said computer apparatus includes a processor and system memory, said security system comprising:

at least one security module which under direction from the processor accesses and analyzes selected portions of the computer apparatus to identify vulnerabilities;

at least one utility module which under the direction from the processor, performs various utility functions with regards to the computer apparatus in response to the identified vulnerabilities; and

a security system memory which contains security information for performing the analysis of the computer apparatus.





2. The security system of claim 1 further including at least one graphical user 
interface in connection with the computer apparatus through which a system user may 
direct operations of the security system. 

3. The security system of claim 2 further including a reporting module which provides status information to the GUI with regards to operations of the security system.

4. The security system of claim 1 wherein the security modules include at least one of:

a configuration/system module which performs an initial analysis of the computer system to acquire configuration information;

a directory checking module which analyzes directories and files in the system memory to determine if security critical files have been tampered with;

a user manager module which analyzes the system memory with regards to improper or invalid permissions given to users of the system for accessing particular files;

an integrity checking module which analyzes files in the system memory to identify system vulnerabilities;

a network checking module which analyzes the computer apparatus to identify vulnerabilities created as a result of the computer apparatus connecting with a data network;

a password checking module which analyzes passwords for users of the computer apparatus to identify vulnerabilities.

5. The security system of claim f wherein the utilities modules include at least one of:

said user manager module which includes functionality to perform at least one of: create a user account, modify the user account, delete the user account, create a user template, edit the user template, and delete the user template;

a file removal module which deletes selected files from the system memory and removes links to the deleted file;

a file marking module which marks selected files; and

a scheduling module which may be employed to schedule any and all of the security modules to perform analysis of the system memory.

6. The security system of claim 2 wherein the computer apparatus comprises a Unix server.

7. The security system of claim 6 wherein the server is connected to a data network.

8. The security system of claim 2 wherein a plurality of interface screens are presented at the GUI for controlling operations of the security system.

9. The security system of claim 4 wherein the system memory comprises a 
list of known vulnerabilities which may be employed by the integrity checking module. 

10. The security system of claim 4 wherein the system memory comprises dictionaries and other tools employed by the password checking module.

11. A method of providing a security assessment for a computer system which includes a system memory, comprising the steps of:

providing a security subsystem in the computer system such that functionality of the security subsystem is directed through a processor for the computer system, wherein the security performs steps comprising:

identifying a configuration of system;

accessing the system memory and performing at least one procedure to provide a security assessment for at least one aspect of the computer system;

as a result of any vulnerabilities discovered in the assessment, identifying corrective measures to be taken with regards to the computer system;

reporting the discovered vulnerability and the identified corrective measures; and

upon receiving an appropriate command, initiating the corrective measures.

12. The method of claim 11 wherein the step of performing at least one procedure to provide a security assessment includes at least one of:

performing an analysis of the directories and files in the system memory to determine if security critical files have been tampered with;

analyzing the system memory with regards to improper or invalid permission given to users of the system for accessing particular files;

analyzing the computer apparatus to identify vulnerabilities created as a result of the computer apparatus connecting to a data network; and

analyzing passwords for users of the computer apparatus to identify vulnerabilities.

13. The method of claim 12 wherein based on the identified vulnerabilities at least one of the following steps are performed:

amending, deleting, or creating user accounts;

amending, deleting, or creating user templates;

deleting selected files from the system memory and removing links to said file;

marking of selected files within the system memory.

14. The method of claim 12 wherein the method of analyzing directories and files comprises the steps of:

accessing individual files in the system memory;

identifying the type of file contained therein;

making a determination as to whether the permissions for the identified file are secure;

if the permissions are not secure, providing a report describing the insecurity;

providing corrections for the detected files which are insecure and initializing corrective action upon receiving direction.

15. The method of claim 12 wherein the step of analyzing the system memory with regards to improper or invalid permissions given to users further comprises the steps of:

performing a check to see if a user owns his or her home directory;

performing a check to see if the user's group owns the home directory;

performing a check to see if user related files are valid; and

performing a check to see if the user's directory exists.

16. The method of claim 12 wherein the step of analyzing files in the system memory to identify system vulnerabilities further comprises the steps of:

providing a vulnerability database which includes a number of identified system vulnerabilities;

accessing the individual files in the system memory;

determining whether the file's owner matches a predetermined profile;

determining whether the file's group matches a predetermined profile;

determining whether the permissions associated with the file match a predetermined profile; and

determining whether the files predate a patch; and

providing a report on any vulnerabilities which may exist in the system memory.

17. The method of claim 12 wherein the step of analyzing the computer apparatus to identify vulnerabilities created as a result of the computer apparatus connecting with the data network further comprises the steps of:

checking for insecure configuration files;

checking running of excessive system services; and

checking whether the computer system is running in the promiscuous mode.

18. The method of claim 12 wherein the step of analyzing passwords further comprises the step of:

identifying all passwords for the users of the computer system;

reading the passwords and for each identifying a next similar salt entry;

identifying a next predetermined number of words from the dictionary;

performing a word filtering method with regards to the passwords to add to the word list;

uni/hg 



determining whether the word is in the list. If the word is in the list, removing the user from the list.

19. The method of claim 11 further comprising the step of displaying result of the security analysis via a graphical user interface.

20. The method of claim 11 wherein the computer system is connected to a data network.
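
Added example (not part of the patent text or of any implementation by its authors): the home-directory checks recited in claim 15, sketched in Python over constructed passwd entries and a constructed stand-in for the filesystem. The names audit_home_dirs, fake_stat, SAMPLE_PASSWD and SAMPLE_FS are hypothetical; the claim's "user related files are valid" check is not defined on this page and is left out.

```python
import os
import stat
from collections import namedtuple

# Constructed /etc/passwd-style lines (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/sh
bob:x:1002:1002::/home/bob:/bin/sh
carol:x:1003:1003::/home/carol:/bin/sh
dave:x:1004:1004::/home/dave:/bin/sh
"""

FakeStat = namedtuple("FakeStat", "st_uid st_gid st_mode")
# Constructed stand-in for the filesystem; /home/dave is deliberately absent.
SAMPLE_FS = {
    "/home/alice": FakeStat(1001, 1001, stat.S_IFDIR | 0o700),
    "/home/bob": FakeStat(0, 1002, stat.S_IFDIR | 0o755),      # owned by root
    "/home/carol": FakeStat(1003, 100, stat.S_IFDIR | 0o750),  # wrong group
}

def fake_stat(path):
    if path not in SAMPLE_FS:
        raise FileNotFoundError(path)
    return SAMPLE_FS[path]

def audit_home_dirs(passwd_text, stat_fn=os.stat):
    """Return {user: [findings]} for the home-directory checks in claim 15."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines
        name, uid, gid, home = fields[0], int(fields[2]), int(fields[3]), fields[5]
        findings = []
        try:
            st = stat_fn(home)
        except OSError:
            report[name] = ["home directory does not exist"]
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append("home path is not a directory")
        if st.st_uid != uid:
            findings.append("home directory not owned by user")
        if st.st_gid != gid:
            findings.append("home directory not owned by user's group")
        if findings:
            report[name] = findings
    return report
print(audit_home_dirs(SAMPLE_PASSWD, fake_stat))
```

Passing the default stat_fn (os.stat) together with the contents of a real passwd file runs the same checks against the live filesystem.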